authorNatasha Moongrave <natasha@256phi.eu>2026-05-11 12:56:10 +0200
committerNatasha Moongrave <natasha@256phi.eu>2026-05-11 12:56:10 +0200
commit7d2a0e5f3f2d2d8ff5e7a3b0e8cc60cdb631e096 (patch)
tree5d6f44cdf63c5edb55ea29b8ee9e646ab604d7e6
parent4b0b8d385062c7642e8763a73530bc5f3b02a303 (diff)
Rewrote the encryption to allow for command line mounting unmounting and auto adding of ssh keys on usb stick
-rw-r--r--system/encryption.nix23
1 files changed, 17 insertions, 6 deletions
diff --git a/system/encryption.nix b/system/encryption.nix
index 152d657..76a4245 100644
--- a/system/encryption.nix
+++ b/system/encryption.nix
@@ -1,17 +1,28 @@
{pkgs, ...}: {
- environment.systemPackages = with pkgs; [
- cryptsetup
- ];
-
environment.etc."crypttab" = {
text = ''
- ssh-keys UUID=da31e270-80d4-4a89-9633-87dd4d736ca2 none noauto,x-systemd.device-timeout=0
+ ssh-keys UUID=your-uuid-here none noauto,x-systemd.device-timeout=0
'';
};
fileSystems."/mnt/ssh-keys" = {
device = "/dev/mapper/ssh-keys";
fsType = "ext4";
- options = ["noauto" "nofail" "x-systemd.automount" "x-systemd.idle-timeout=300"];
+ options = ["noauto" "nofail" "users" "exec"];
};
+
+ # define the scripts as system commands
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ (writeShellScriptBin "keys-mount" ''
+ sudo systemctl start systemd-cryptsetup@ssh\x2dkeys.service
+ sudo mount /mnt/ssh-keys
+ ssh-add /mnt/ssh-keys/id_ed25519
+ '')
+ (writeShellScriptBin "keys-umount" ''
+ ssh-add -d /mnt/ssh-keys/id_ed25519
+ sudo umount /mnt/ssh-keys
+ sudo systemctl stop systemd-cryptsetup@ssh\x2dkeys.service
+ '')
+ ];
}
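Review bot: In both scripts the unit name `systemd-cryptsetup@ssh\x2dkeys.service` is unquoted, so the shell will most likely strip the backslash and ask systemctl for `sshx2dkeys` instead. Quoting it, as in `sudo systemctl start 'systemd-cryptsetup@ssh\x2dkeys.service'`, keeps the escape intact, and a `set -e` at the top of keys-mount would stop it from going on to mount and ssh-add after a failed unlock. On the mount, `users` normally implies noexec, nosuid and nodev, but the `exec` that follows turns execution back on for a removable key store; since both scripts already mount through sudo, `options = ["noauto" "nofail" "nosuid" "nodev" "noexec"];` looks sufficient. With `x-systemd.idle-timeout=300` removed, nothing bounds how long the key stays loaded if keys-umount is never run, so a lifetime on the agent entry, for example `ssh-add -t 1h /mnt/ssh-keys/id_ed25519`, would restore a limit.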